Commit graph

382 commits

Author SHA1 Message Date
Joseph Schorr
a0c4e72f13 Clean up the repository list API and loads stars with it
We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified)
2015-07-22 13:05:02 -04:00
Jake Moshenko
679044574a Merge pull request #231 from coreos-inc/smallfix
Small API fixes
2015-07-20 13:45:24 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
7a548ea101 Fix queries for repository list popularity and action count
Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!

Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup
2015-07-17 00:08:27 +03:00
Jake Moshenko
c64e490059 Merge pull request #136 from coreos-inc/syslogviewfix
Fix logs view in superuser panel
2015-07-15 18:22:23 -04:00
Jake Moshenko
f5ee7a6697 Make the scopes dynamic based on app config. 2015-07-15 18:13:15 -04:00
Joseph Schorr
f6a9afce90 Change abort to NotFound so it is properly formatted into JSON 2015-07-14 11:34:45 +03:00
Joseph Schorr
e04c22867c Switch logs to use a single comprehension 2015-07-13 12:45:08 +03:00
Joseph Schorr
3a59c99b08 Add a secondary tab to Teams for managing org members
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click

Fixes #212
2015-07-02 17:06:36 +03:00
josephschorr
cb238f8764 Merge pull request #207 from coreos-inc/squashperm
Have the fetch tag dialog show a warning for robot accounts without access
2015-07-02 10:23:14 +03:00
Jake Moshenko
ba067048d8 Merge pull request #203 from coreos-inc/encpass
Add encrypted password output in the superuser API
2015-07-01 12:40:05 -04:00
Joseph Schorr
b535e222b8 Have the fetch tag dialog show a warning for robot accounts without access
Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.
2015-07-01 19:37:52 +03:00
Joseph Schorr
b91b60e83d Add encrypted password output in the superuser API
When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along
2015-07-01 19:29:42 +03:00
josephschorr
7aeaf2344e Merge pull request #200 from coreos-inc/tagapilimit
Add pagination support to tag history API
2015-06-30 22:09:09 +03:00
Joseph Schorr
f7f10f4a6d Add pagination support to tag history API
Fixes #198
2015-06-30 19:44:43 +03:00
Joseph Schorr
87efcb9e3d Delegated superuser API access
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
2015-06-30 11:08:26 +03:00
Joseph Schorr
81bb76d3df Fix spelling mistakes 2015-06-29 21:38:01 +03:00
Joseph Schorr
2b1bbcb579 Add a table view to the repos list page
Fixes #104
2015-06-29 21:12:53 +03:00
Jimmy Zelinskie
756d6784ca Merge pull request #192 from coreos-inc/sqlssl
Allow SSL cert for the database to be configured
2015-06-29 13:33:31 -04:00
Jake Moshenko
6e6b3c675f Merge pull request #28 from coreos-inc/swagger2
Switch to Swagger v2
2015-06-29 12:18:10 -04:00
Joseph Schorr
dc5af7496c Allow superusers to disable user accounts 2015-06-29 18:40:52 +03:00
Joseph Schorr
b8c74bbb17 Remove container usage tab and replace with changlog view
Fixes #179
2015-06-29 11:07:46 +03:00
Joseph Schorr
bb07d0965f Allow SSL cert for the database to be configured
This change adds a field for the SSL cert for the database in the setup tool. Fixes #89
2015-06-29 08:08:10 +03:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Joseph Schorr
ce6474c6b5 Robots API for users should not be internal-only 2015-06-22 15:14:10 -04:00
Joseph Schorr
3fb2a33ee7 Fix the API service to use the new Swagger description form 2015-06-22 15:13:26 -04:00
Joseph Schorr
33b31a2451 Fix logs view in superuser panel
This seems to have been broken ever since we moved to syslog
2015-06-15 20:55:23 -04:00
Joseph Schorr
e7fa560787 Add support for custom fields in billing invoices
Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.

Fixes #106
2015-06-12 16:45:01 -04:00
Jake Moshenko
2a2414d6af Merge pull request #60 from coreos-inc/jwtauthentication
Add support for an external JWT-based authentication system
2015-06-05 13:37:42 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
2015-06-05 13:20:10 -04:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Joseph Schorr
c0e995c1d4 Merge branch 'master' into nolurk 2015-06-02 13:55:16 -04:00
Joseph Schorr
fdd43e2490 Change API calls that expect non-robots to explicitly filter
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
855f3a3e4d Have the verifyUser endpoint use the same confirm_existing_user method
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff Fix encrypted password generator to use the LDAP username, not the Quay username.
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
0bc1c29dff Switch the Python side to Swagger v2 2015-05-14 16:47:38 -04:00
Joseph Schorr
3e1abba284 Add ability for super users to rename and delete organizations 2015-05-11 18:03:25 -04:00
Joseph Schorr
1c41d34b7c Add ability for superusers to change user emails 2015-05-11 14:38:10 -04:00
Joseph Schorr
f858caf6cd Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 16:43:07 -04:00
Joseph Schorr
c767aafcd6 Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite. 2015-05-07 22:49:11 -04:00
Joseph Schorr
3627de103c Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build. 2015-05-07 21:11:15 -04:00
Joseph Schorr
a46d367276 Remove unneeded repo filter 2015-05-06 20:55:17 -04:00
Joseph Schorr
e647d91e8b Switch the repos page to use a single API call, rather than one per namespace + one for star repos 2015-05-06 19:15:03 -04:00
Joseph Schorr
0b990677a0 More code cleanup and fix bug around can_admin in the trigger_view 2015-05-03 11:02:05 -07:00
Joseph Schorr
d07f9f04e9 UI and code improvements to make working with the multiple SCMs easier 2015-05-03 10:38:11 -07:00
Joseph Schorr
c14368fc66 Fix typo 2015-04-30 16:47:16 -04:00
Joseph Schorr
b96e35b28c Merge master into bitbucket 2015-04-30 15:52:08 -04:00
Joseph Schorr
b7317f894b UI fixes for all the new trigger stuff 2015-04-30 15:33:19 -04:00
Joseph Schorr
60036927c9 Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email. 2015-04-29 20:30:37 -04:00
Joseph Schorr
d5c70878c5 Get build preparation working for bitbucket and do a lot of code cleanup around this process across all the triggers. Note: tests are not yet updated. 2015-04-29 17:04:52 -04:00
Joseph Schorr
5cc91ed202 Work in progress: bitbucket support 2015-04-24 18:36:48 -04:00
Jimmy Zelinskie
852aa33101 endpoints.trigger: activate: ret private config 2015-04-23 18:16:09 -04:00
Jimmy Zelinskie
2a13eade80 Merge pull request #22 from coreos-inc/git
git's a pretty cool guy
2015-04-23 17:33:36 -04:00
Joseph Schorr
d6a1493d52 Fix build logs on Safari by having the client JS handle the redirect manually, rather than the browser itself; Safari doesn't support 302 redirects to another domain inside an XHR. 2015-04-22 15:16:59 -04:00
Jimmy Zelinskie
cfcd636cc0 only send build config to admins 2015-04-22 14:30:06 -04:00
Joseph Schorr
f1ea20315a Finish mobilification of org view 2015-04-20 14:00:10 -04:00
Joseph Schorr
62770674d4 Switch to a 0.5 modifier 2015-04-20 13:00:56 -04:00
Joseph Schorr
ae55b8dd0e Make the search action not return scores of zero if there is no character matching 2015-04-20 13:00:38 -04:00
Joseph Schorr
16e05e83b1 Score based on the robot short name 2015-04-20 12:51:47 -04:00
Jimmy Zelinskie
93cd459460 Merge branch 'master' into git 2015-04-20 10:58:49 -04:00
Joseph Schorr
d1e2d072ea Add unit tests and a stronger restriction on the revert API call 2015-04-19 15:43:16 -04:00
Jimmy Zelinskie
ba2cb08904 Merge branch 'master' into git 2015-04-16 17:38:35 -04:00
Joseph Schorr
f19d2f684e Add ability to revert tags via time machine 2015-04-16 17:18:00 -04:00
Jimmy Zelinskie
0c3becd204 endpoints.api.trigger: clarify token->write_token 2015-04-16 12:06:05 -04:00
Joseph Schorr
f8c80f7d11 Add a history view to the tags page. Next step will add the ability to revert back in time 2015-04-15 15:21:09 -04:00
Joseph Schorr
1df025b57e Change search to use a set of queries for repo lookup rather than a single monolithic query, in the hopes that this will make things significantly faster and actually useable. The individual queries have been tested by hand on MySQL, but the real test will be staging 2015-04-10 15:27:37 -04:00
Joseph Schorr
0be0aed17d Move the repo sorting by pull count into the main matching query, to both make it more accurate and make the search faster 2015-04-09 14:41:59 -04:00
Joseph Schorr
396cba64e6 Fix search to return better results by searching for robots and namespaces in different queries. 2015-04-09 12:57:20 -04:00
Joseph Schorr
4f4bb05621 Fix search SQL issues 2015-04-08 17:41:08 -04:00
Joseph Schorr
19e25ac340 Merge branch 'master' into bing 2015-04-08 15:23:36 -04:00
Joseph Schorr
d09f2f6e22 Get the new context-sensitive new menu working 2015-04-07 18:33:43 -04:00
Joseph Schorr
40a6892a49 Add search tests 2015-04-07 14:05:12 -04:00
Joseph Schorr
1b56567268 Make sure also include teams from organizations that the user admins 2015-04-07 13:45:49 -04:00
Joseph Schorr
a34d56045f Add scoring based on the string distance 2015-04-07 12:32:23 -04:00
Joseph Schorr
951b0cbab8 Start on new interactive search 2015-04-06 19:17:18 -04:00
Jimmy Zelinskie
c8b931609e unsupported alert for robot selection 2015-04-06 14:53:54 -04:00
Jimmy Zelinskie
f782764ba5 trigger: add commit_sha to json schema 2015-04-03 17:20:30 -04:00
Joseph Schorr
4cb7921c3a Make sure to show public repos on the user and orgs pages 2015-04-03 14:55:09 -04:00
Joseph Schorr
036c8e56e0 Add proper error handling when the config volume is mounted in a read-only state. 2015-04-02 18:54:09 -04:00
Joseph Schorr
f67eeee8c8 Start conversion of the user admin/view 2015-04-02 16:34:41 -04:00
Joseph Schorr
5fc8e632d6 Redo the permissions table to have different sections for users and robot accounts 2015-04-01 14:23:39 -04:00
Joseph Schorr
5cd500257d Merge branch 'master' into orgview 2015-04-01 13:56:49 -04:00
Joseph Schorr
fde9666647 Add the team membership to the robots view 2015-04-01 13:56:30 -04:00
Joseph Schorr
1f5e6df678 - Fix tests
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
9018cf14eb Better UI for the permissions table in the repository, as well as fix some other avatar issues 2015-03-31 14:36:09 -04:00
Joseph Schorr
27a9b84587 Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists 2015-03-30 17:55:04 -04:00
Jimmy Zelinskie
fba61d96dc callbacks: add proper custom git callback 2015-03-27 11:22:07 -04:00
Joseph Schorr
384d6083c4 Make sure to conduct login after the password change now that the session will be invalidated for the user 2015-03-26 20:04:32 -04:00
Jimmy Zelinskie
998c6007cd trigger: initial custom git trigger 2015-03-26 16:20:53 -04:00
Joseph Schorr
aaf1b23e98 Address CL concerns and switch to a real encryption system 2015-03-26 15:10:58 -04:00
Joseph Schorr
e4b659f107 Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords 2015-03-25 18:43:12 -04:00
Joseph Schorr
2459b6b467 Start on new org view 2015-03-25 15:31:05 -04:00
Jimmy Zelinskie
cd1b003ca6 buildcomponent: handle builds without resource_key 2015-03-23 15:46:23 -04:00
Joseph Schorr
049148cb87 Work in progress: new image view 2015-03-20 17:46:02 -04:00
Jimmy Zelinskie
e6a7156657 triggers: gen ssh keypair outside of activate()
This keeps the private key from ever being exposed to the client.
2015-03-19 14:31:01 -04:00
Joseph Schorr
ab2331a486 Performance improvements for the repo API and the new repo UI 2015-03-18 14:47:53 -04:00
Joseph Schorr
699cb9a5da Fix last modified date time handling for tags with no date times, and fix the sort ordering 2015-03-17 16:49:22 -04:00
Joseph Schorr
333e0acd6d Add the builds tab 2015-03-13 15:34:28 -07:00